Adding permission so MYPAGE_EMPLOYEE group can edit password like in 691430 Was ==>Question -- How does a normal user change there own password??

[BJ Freeman <bj...@free-man.net>]

In light of this I agree that this should be on dev list.
Hans:
in 691430 I am able to change the userlogin with just the MYPAGE_EMPLOYEE.
As Bruno pointed out the current Svn does not allow this.
Solution would be to have a Permission to allow editing ones login.
the default is that permission is not set in the MYPAGE_EMPLOYEE but can
be added.

BJ Freeman sent the following on 9/21/2008 3:26 AM:
> I remember adrian and hans having a converstaion on the dev list about
> this. some weeks ago.
> 
> BJ Freeman sent the following on 9/21/2008 2:29 AM:
>> I validated you findings on the demo server.
>> I compared the security permission for the group and see no difference
>> so I assume the security permission for the user login has been changed
>> since
>> svn 691430
>> but I don't have time to check it out the commit list as to when or how.
>>
>>
>> Bruno Busco sent the following on 9/21/2008 2:09 AM:
>>> I may be blind,
>>> I am trying also with https://demo.hotwaxmedia.com/mypage using user
>>> DemoEmployee
>>> I can't find the edit userlogin button.
>>> -Bruno
>>>
>>> 2008/9/21 BJ Freeman <bj...@free-man.net>
>>>
>>>> My understanding of Dev is if it has to do with changing the design of
>>>> ofbiz
>>>> I may be wrong but this sounds more like a bug.
>>>> that could be dev but I see as user
>>>> I am open to a clarification.
>>>> :D
>>>> my permission is MYPAGE_EMPLOYEE only.
>>>> So only mypage and projects show when the user logs in.
>>>> I am taken to the My page.
>>>> I click on profile
>>>> then edit userlogin
>>>> when I click on save i get no error  messages.
>>>>
>>>> this is with svn 691430
>>>>
>>>>
>>>> Bruno Busco sent the following on 9/21/2008 12:50 AM:
>>>>> Hi BJ,
>>>>> I have created a new user and given him the following permission:
>>>>> CATALOG_VIEW, MYPAGE_EMPLOYEE, OFBTOOLS_VIEW, ORDERMGR_VIEW
>>>>>
>>>>> the UI button to go the editlogin is not present anywhere.
>>>>> if I put the url https://localhost:8443/mypage/control/editloginmanually I
>>>>> get the screen but I get a getUserPreferences service error when I press
>>>> the
>>>>> "save" button.
>>>>>
>>>>> I switch, as suggested, the thread back to the user ML but I definetely
>>>>> think its a dev issue ;-)
>>>>>
>>>>> Thank you,
>>>>> Bruno
>>>>>
>>>>>
>>>>> ---------- Forwarded message ----------
>>>>> From: BJ Freeman <bj...@free-man.net>
>>>>> Date: 2008/9/21
>>>>> Subject: Re: Question -- How does a normal user change there own
>>>> password??
>>>>> To: user@ofbiz.apache.org
>>>>> Cc: dev@ofbiz.apache.org
>>>>>
>>>>>
>>>>> a user that has the permissions to see their profile can change their
>>>>> password thru
>>>>> https://localhost:8443/mypage/control/editlogin
>>>>> and be able to access this thru
>>>>> https://localhost:8443/mypage/control/main
>>>>> the user has to have mypage permission.
>>>>> I just tested this.
>>>>> Note: they can not change their permissions.
>>>>> Should be on the user mailing list
>>>>>
>>>>>
>>>>> Bruno Busco sent the following on 9/20/2008 10:45 PM:
>>>>>> Hi Philip,
>>>>>> has there been any improvement on this?
>>>>>> I need the "change my password" feature for standard backend users (non
>>>>>> admin) and I wonder if it has been decided how to implement it.
>>>>>> Thank you,
>>>>>> -Bruno
>>>>>>
>>>>>>
>>>>>>
>>>>>> ---------- Forwarded message ----------
>>>>>> From: Jacques Le Roux <ja...@les7arts.com>
>>>>>> Date: 2008/8/21
>>>>>> Subject: Re: Question -- How does a normal user change there own
>>>>> password??
>>>>>> To: user@ofbiz.apache.org, "Philip W. Dalrymple III" <pw...@mdtsoft.com>
>>>>>>
>>>>>>
>>>>>> I guess they are aware now...
>>>>>>
>>>>>>
>>>>>> Jacques
>>>>>>
>>>>>> From: "Philip W. Dalrymple" <pw...@mdtsoft.com>
>>>>>>
>>>>>>> Understood
>>>>>>> How do I get in touch with Hans and Adrain, this is an area that
>>>>>>> I might be able to add a small bit of manpower to but don't want
>>>>>>> to either step on toes or re-invent the wheel on.
>>>>>>>
>>>>>>>
>>>>>>> ----- Original Message -----
>>>>>>> From: "BJ Freeman" <bj...@free-man.net>
>>>>>>> To: user@ofbiz.apache.org
>>>>>>> Sent: Thursday, August 21, 2008 8:05:43 AM GMT -05:00 US/Canada Eastern
>>>>>>> Subject: Re: Question -- How does a normal user change there own
>>>>> password??
>>>>>>> your are right it is something that is just being address. there is not
>>>>>>> a lot of manpower to move it forward fast
>>>>>>> currently Hans and Adrain are the ones that are involved in it.
>>>>>>> I am more from a interested party but not involved.
>>>>>>> The My page has profile info on it.
>>>>>>> you just have to remove the permission for partymager from those that
>>>>>>> you don't want to have access.
>>>>>>> But there are other companies i have worked for that want everyone to
>>>>>>> see everything.
>>>>>>> so it is more once the installation goes in how security will be
>>>> handled.
>>>>>>> Philip W. Dalrymple sent the following on 8/21/2008 4:53 AM:
>>>>>>>
>>>>>>>> I found the place in party (user name edit).
>>>>>>>>
>>>>>>>> I would think that, for most internal (backoffice) user, this is
>>>>>>>> not a place that the admin would want to allow access even to there
>>>>>>>> own login. I would think that most users would NOT have access to the
>>>>>>>> user login edit rights even if they can modify other "party" data and
>>>>>>>> I would think that most internal users would not have general party
>>>> edit
>>>>>>>> rights (they might change party data via other interfaces that are
>>>> more
>>>>>>>> limited).
>>>>>>>>
>>>>>>>> Am I missing something or is this just a place that has not been
>>>> worked
>>>>>>>> on in OfBiz much yet.
>>>>>>>>
>>>>>>>> I do note that in the "banner" at the top right there are two items
>>>> that
>>>>>>>> I would expect to be a part of the "users profile", time zone, and
>>>>>>>> language.
>>>>>>>>
>>>>>>>>
>>>>>>>> ----- Original Message -----
>>>>>>>> From: "Jacques Le Roux" <ja...@les7arts.com>
>>>>>>>> To: user@ofbiz.apache.org
>>>>>>>> Sent: Wednesday, August 20, 2008 9:30:34 AM GMT -05:00 US/Canada
>>>> Eastern
>>>>>>>> Subject: Re: Question -- How does a normal user change there own
>>>>>>>> password??
>>>>>>>>
>>>>>>>> This is done in the person's profile (in Party) in "User Name(s)"
>>>>> section
>>>>>>>> : edit on login line
>>>>>>>>
>>>>>>>> Jacques
>>>>>>>>
>>>>>>>> From: "Philip W. Dalrymple" <pw...@mdtsoft.com>
>>>>>>>> To: <us...@ofbiz.apache.org>
>>>>>>>> Sent: Wednesday, August 20, 2008 2:50 PM
>>>>>>>> Subject: Re: Question -- How does a normal user change there own
>>>>>>>> password??
>>>>>>>>
>>>>>>>>
>>>>>>>>  I was not thinking about customers, (we would only have "backend"
>>>>> users)
>>>>>>>>> for a internal users who needs to change there password (say because
>>>> of
>>>>>>>>> company rules or just because they want to) should there be a way for
>>>>>>>>> them to change passwords?
>>>>>>>>>
>>>>>>>>> (I tend to use the term "internal" user to refer to people who work
>>>>>>>>> for the company who runs the system)
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ----- Original Message -----
>>>>>>>>> From: "BJ Freeman" <bj...@free-man.net>
>>>>>>>>> To: user@ofbiz.apache.org
>>>>>>>>> Sent: Wednesday, August 20, 2008 7:37:06 AM GMT -05:00 US/Canada
>>>>> Eastern
>>>>>>>>> Subject: Re: Question -- How does a normal user change there own
>>>>>>>>> password??
>>>>>>>>>
>>>>>>>>> There was, at on time, an added dialog on the login, that allow the
>>>>> user
>>>>>>>>> to request a new login if they had lost it.
>>>>>>>>> a "customer" can not access the back end except for order status.
>>>>>>>>> there has been talk on the dev list about letting the "customer" use
>>>>> the
>>>>>>>>> new mypage feature that give them access to their profile.
>>>>>>>>> this, at this time, is not the case.
>>>>>>>>>
>>>>>>>>> Philip W. Dalrymple sent the following on 8/20/2008 3:46 AM:
>>>>>>>>>
>>>>>>>>>> I am looking at OfBiz (current SVN head or as of a few days ago)
>>>>>>>>>> and don't see how a normal user is supposed to change there password
>>>>>>>>>>
>>>>>>>>>> I see in the party section where a admin can change the password and
>>>>>>>>>> found that when a user is created the admin creating the user can
>>>>> force
>>>>>>>>>> a password change on the user but I can't find how a normal (non
>>>>> admin)
>>>>>>>>>> user is supposed to change there own password.
>>>>>>>>>>
>>>>>>>>>> Also there does not appear to be a way for the admin to re-set a
>>>> users
>>>>>>>>>> password and then force them to change there password the next time
>>>>> the
>>>>>>>>>> user logs in (except via the "Entity Engine Tools" in the web tools
>>>>>>>>>> app.
>>>>>>>>>>
>>>>>>>>>> Am I just missing something or is this a missing bit of OfBiz?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> This email, and any files transmitted with it, is confidential and
>>>>>>>>> intended solely for the use of the individual or entity to whom they
>>>>> are
>>>>>>>>> addressed.  If you have received this email in error, please advise
>>>>>>>>> postmaster@mdtsoft.com <ma...@mdtsoft.com>.
>>>>>>>>>
>>>>>>>>> New MDT Software Headquarters (As of July 1, 2008):
>>>>>>>>> 3480 Preston Ridge Road
>>>>>>>>> Suite 450
>>>>>>>>> Alpharetta, GA 30005
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Philip W. Dalrymple III <pw...@mdtsoft.com>
>>>>>>>>> MDT Software - The Change Management Company
>>>>>>>>> +1 678 297 1001
>>>>>>>>> Fax +1 678 297 1003
>>>>>>>>>
>>>>>>>>>
>>>>>>> --
>>>>>>> This email, and any files transmitted with it, is confidential and
>>>>> intended
>>>>>>> solely for the use of the individual or entity to whom they are
>>>>> addressed.
>>>>>>>  If you have received this email in error, please advise
>>>>>>> postmaster@mdtsoft.com <ma...@mdtsoft.com>.
>>>>>>>
>>>>>>> New MDT Software Headquarters (As of July 1, 2008):
>>>>>>> 3480 Preston Ridge Road
>>>>>>> Suite 450
>>>>>>> Alpharetta, GA 30005
>>>>>>>
>>>>>>>
>>>>>>> Philip W. Dalrymple III <pw...@mdtsoft.com>
>>>>>>> MDT Software - The Change Management Company
>>>>>>> +1 678 297 1001
>>>>>>> Fax +1 678 297 1003
>>>>>>>
>>>>>>>
>>
>>
>>
> 
> 
> 
>